i am working on financial software where there are many times where a "supervisor" is required to authorize that the user can continue, e.g.:

user wants to void a funds transfer

user has a variance (they're missing, or have extra, money)

user is performing a financial transaction over a certain value (e.g. $10,000).

In these cases when the user clicks the "Do it" button, e.g.:

a supervisor will be required to enter their credentials:

And this is how the software has been behaving for over a decade.

Starting with Windows Vista, i really liked the indication on certain UI elements that lets the user know that they're gonna need an administrator if they click this:

i wanted to add the same indication on my own UI elements. Except that we don't use Windows domain account credentials, we use our own (corporate wide) user manager. Initially i added our "User" icon to some buttons; the rationale is that you're looking at a "supervisor":

But as i tested it, it just didn't give the correct impression as the real Windows "UAC Shield":

But i'm somewhat weary of presenting a true UAC Shield icon, when the software will be prompting for "financial credentials" rather than "Windows credentials".

Between Windows Vista and Windows 7, Microsoft changed the UAC Shield icon. And since almost nobody used Vista, i thought perhaps i could repurpose that "shield". That way i'm not using the exact elevation shield, but it has enough of the certain mise-en-scène of elevation being required, but not an actual Windows elevation:

What is the thinking on using the Windows 7, or Windows Vista "UAC Shield" in software to indicate that a privelage elevation is required? Is there another icon that represents the idea better?

Another option is to just have the words Authentication required in a smaller font underneath the main text on the button (no icon at all!).
–
Roger AttrillAug 9 '11 at 10:53

@Roger Can't really do that in the Windows application.
–
Ian BoydAug 9 '11 at 14:50

Per your update, that would look good if the icons were scaled better, perhaps using sharper downsampling or starting with native 16x16 icons and 8x8 indicators (if they're available).
–
Adam MarasAug 9 '11 at 23:04

The lock in the 2nd one is (nearly) native 16x16. The lock in the first one is with sharpen applied to the smart object. It's a 16x16 image, but the UI has to scale with the user's DPI/font preference. In my case that's 136% larger.
–
Ian BoydAug 9 '11 at 23:51

My opinion is that user + lock is best. It just requires a well designed icon. 16x16 is fine for it.
–
Chris MorganAug 11 '11 at 10:56

3 Answers
3

In this case, I would recommend using a combination of your first and fourth sample images; use an icon of a user, with a smaller icon overlay of a padlock. This indicates that the action will require secure access (hence the padlock) provided by a user (hence the user icon.)

It has no OS specific association - it simply means that the action is locked and needs to be unlocked before it can be completed. It's a clear common icon. The windows shield will not be identifiable to most users I feel.

@Jorn - thanks for the image edit - I was just getting around to my own versions :-)
–
Roger AttrillAug 8 '11 at 20:45

"Requiring authorization" is not the same as "locked" -- the metaphor is tenuous. Does entering the password unlock the feature until next program start (and change the icon to unlocked/none)? If not, the lock is inappropriate.
–
dbkkAug 9 '11 at 9:46

That's a fair point - and maybe to some extent it matters as to what happens after the authentication dialog has been completed. E.g. whether after authentication, the user returns to see the padlock unlocked and can continue with the process, or whether all the 'protected' features happen in a separate dialog, eventually returning the user to see the button in a 'still locked' state. But I don't have a problem with the button being re-locked provided it is related to a separate transaction. Because it's a transaction related app, I don't think a 'session' has to mean a program restart.
–
Roger AttrillAug 9 '11 at 10:04

To be clear, in this case the user does not "return" to find the button unlocked. They click the button; if they had permission then the operation happens. If they don't have permission then someone enter's credentials, click OK, and then the operation happens. That having been said, i think i prefer the lock, over the shield, over the user manager guy.
–
Ian BoydAug 9 '11 at 14:52

@dbkk The shield metaphor is also weak; it's not protecting anyone from anything. On the other hand everyone uses a padlock for https. And the dialog i have (Which is Window's standard credentials dialog) already shows keys. The Lock and Key metaphore continue in Windows with security, while the shield represents protection (e.g UAC, Windows Firewall). i realize i'm over-thinking the metaphore...
–
Ian BoydAug 9 '11 at 15:02